Design Studio V101
v1.0.1Professional design studio for creating covers, banners, avatars, logos, mockups, portfolios and GIF animations. Use when you need to create designs for free...
⭐ 0· 40·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the provided assets: Python scripts for generating banners, avatars, GIFs, mockups and an SVG library. However SKILL.md and README list runtime dependencies (Pillow, svgwrite, CairoSVG, ImageMagick, Inkscape, GIMP, fonttools, system fonts) while the registry metadata declares no required binaries or packages. That mismatch is not necessarily malicious but is an inconsistency developers should fix (declare dependencies or make scripts self-contained).
Instruction Scope
The runtime instructions direct the agent to run the included Python scripts and to use local reference files (color palettes, font pairing docs, SVG elements). The scripts operate on local inputs (CSV, image files) and produce images/reports. I found no instructions or code in the provided excerpts that attempt to read unrelated system credentials, environment variables, or transmit data to external endpoints. The scripts do reference system font paths (e.g., /usr/share/fonts) and will read/write files in output directories — expected for this purpose.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The package contains Python scripts and resource files bundled in the skill — nothing in the provided manifest points to downloads from external URLs or archive extraction. That said, the agent or user must install Python packages and optional CLI tools manually; the skill doesn't provide an install script or declare those dependencies in metadata.
Credentials
The skill requests no environment variables or credentials. The documented dependencies (external binaries and Python libs) are appropriate for image/SVG processing. The only notable environment assumptions are hard-coded system font paths and optional CLI tools; those are plausible for a design skill but should be documented in metadata so users understand what will be accessed/needed.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill does not request permanent platform presence or attempt to modify other skills or system-wide agent settings in the provided files. Scripts create output files and reports in local directories (expected).
Assessment
This skill is a local Python-based design toolkit and appears coherent with its description. Before installing or running it: 1) Ensure you install the declared Python packages (Pillow, svgwrite, cairosvg, fonttools) and optional binaries (ImageMagick, Inkscape, GIMP) in a controlled environment (virtualenv or sandbox). 2) Note the skill reads/writes files (CSV inputs, output images, reports) and references system font paths — verify those paths are safe on your system. 3) The package includes a Telegram contact in README for paid work; that is external contact info but not used by the code. 4) If you need higher assurance, inspect the omitted files (10 files truncated in the manifest) for network calls or unexpected subprocess usage before running. 5) Run first-time operations on non-sensitive sample data or inside a container. If you want, I can scan the remaining/truncated files for networking, subprocess.exec, or suspicious patterns before you run it.Like a lobster shell, security has layers — review code before you run it.
latestvk97f8trk2p8fy1ghbsahwk5sbs847q40
License
MIT-0
Free to use, modify, and redistribute. No attribution required.